What is claimed is: 



1. A small footprint device comprising: 

a. at least one processing element; 

b. memory, and 

c. a context barrier, using said memory and running 
on said processing element, for isolating program modules 
from one another. 

2 . The small footprint device of claim 1 in which 
said at least one processing element is a virtual machine 
running on a processor. 

3 . The small footprint device of claim 2 in which 
said virtual machine runs on top of a card operating 
system . 

4 . The small footprint device of claim 1 in which 
said context barrier allocates separate respective name 
spaces for each program module. 

5. The small footprint device of claim 1 in which 
said context barrier allocates separate respective memory 
spaces for each program module. 
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6. The small footprint device of claim 1 in which 
said processing element is single threaded. 

7. The small footprint device of claim 6 in which 
the processing element runs each program module as a 
separate context . 

8 . The small footprint device of claim 1 in which 
at least one program module comprises a plurality of 
applets . 

9. The small footprint device of claim 1 in which 
said context barrier enforces at least one security check 
on at least one of principal, object or entity to prevent 
access from one context to a different context. 

10. The small footprint device of claim 9 in which 
at least one security check is based on partial name 
agreement between a principal and an object. 

11. The small footprint device of claim 9 in which 
at least one security check is based on memory space 
agreement between a principal and an object. 
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12. A method of operating a small footprint device, 
comprising the step of preventing access from one program 
module to a different program modules using a context 
barrier . 

13. The method of claim 12, in which the context 
barrier is implemented using a single threaded processing 
element . 

14. The method of claim 12 in which the single 
threaded processing element is a virtual machine. 

15. The method of claim 12 in which the context 
barrier will not permit a principal to access an object 
unless both principal and object are part of the same 
name space. 

16. The method of claim 12 in which the context 
barrier will not permit a principal to access an object 
unless both principal and object are part of the same 
memory space . 

17. The method of claim 12 in which the context 
barrier will not permit a principal to perform an action 
on an object unless both principal and object are part of 
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the same context and the action is appropriate for the 
obj ect . 

18. A computer program product, comprising: 

a. a memory medium; and 

b. a computer controlling element comprising 
instructions for implementing a context barrier on a 
small footprint device. 

19. The computer program product of claim 18 in 
which said memory medium is a carrier wave. 

20. A computer program product, comprising: 

a. a memory medium; and 

b. a computer controlling element comprising 
instructions for separating a plurality of programs on a 
small footprint device by running them in respective 
contexts . 

21. The computer program product of claim 20 in 
which said memory medium is a carrier wave. 

22. A carrier wave carrying instructions for 
implementing a context barrier on a small footprint 
device over a communications link. 
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23 . A carrier wave carrying instructions over a 
communications link for separating a plurality of 
programs on a small footprint device by running them in 
respective contexts . 

24. A method of shipping code over a network, 
comprising the step of transmitting a block of code from 
a server, said block of code comprising instructions over 
a communications link for separating a plurality of 
programs on a small footprint device by running them in 
respective contexts. 
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